This new controller reconciles NatMapping resources. In particular, it guarantees that the appropriate set of NAT rules is in place and kept up to date by consuming the IPTables module.
1 parent
a4a0da9
commit 79d1d32
Showing
14 changed files
with
611 additions
and
316 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
// Package natmappingoperator is responsible of reconciling | ||
// NatMapping resource and ensuring the proper set of NAT rules are inserted. | ||
package natmappingoperator |
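--- /dev/null
+++ b/internal/liqonet/natmappingoperator/natmapping-operator.go
@@ -0,0 +1,97 @@
+package natmappingoperator
+
+import (
+	"context"
+	"fmt"
+	"sync"
+
+	"github.com/containernetworking/plugins/pkg/ns"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/klog/v2"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	netv1alpha1 "github.com/liqotech/liqo/apis/net/v1alpha1"
+	"github.com/liqotech/liqo/pkg/liqonet/iptables"
+)
+
+// NatMappingController reconciles a NatMapping object.
+type NatMappingController struct {
+	client.Client
+	Scheme *runtime.Scheme
+	iptables.IPTHandler
+	readyClustersMutex *sync.Mutex
+	readyClusters      map[string]struct{}
+	gatewayNetns       ns.NetNS
+}
+
+var result = ctrl.Result{
+	Requeue: false,
+}
+
+//+kubebuilder:rbac:groups=net.liqo.io,resources=natmappings,verbs=get;list;watch;create;update;patch;delete
+
+// Reconcile NatMapping resource.
+func (npc *NatMappingController) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+	var nm netv1alpha1.NatMapping
+
+	if err := npc.Get(ctx, req.NamespacedName, &nm); apierrors.IsNotFound(err) {
+		// Reconcile was triggered by a delete request
+		return result, client.IgnoreNotFound(err)
+	} else if err != nil {
+		// Unknown error
+		klog.Errorf("an error occurred while getting resource %s: %s", req.NamespacedName, err.Error())
+		return result, err
+	}
+	// There's no need of a pre-delete logic since IPTables rules for cluster are removed by the
+	// tunnel-operator after the un-peer.
+
+	// The following logic has to be executed in the custom network namespace,
+	// and not on the root namespace. Therefore it must be defined in a closure
+	// and then used as parameter of method Do of netNs
+	if err := npc.gatewayNetns.Do(func(netNamespace ns.NetNS) error {
+		// Is the remote cluster tunnel ready? If not, do nothing
+		npc.readyClustersMutex.Lock()
+		defer npc.readyClustersMutex.Unlock()
+		if _, ready := npc.readyClusters[nm.Spec.ClusterID]; !ready {
+			return fmt.Errorf("tunnel for cluster %s is not ready", nm.Spec.ClusterID)
+		}
+
+		if err := npc.IPTHandler.EnsurePreroutingRulesPerNatMapping(&nm); err != nil {
+			klog.Errorf("unable to ensure prerouting rules: %s", err.Error())
+			return err
+		}
+		return nil
+	}); err != nil {
+		return result, err
+	}
+	return result, nil
+}
+
+// SetupWithManager sets up the controller with the Manager.
+func (npc *NatMappingController) SetupWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&netv1alpha1.NatMapping{}).
+		Complete(npc)
+}
+
+// NewController returns a NAT mapping controller istance.
+func NewController(
+	mgr ctrl.Manager,
+	readyClustersMutex *sync.Mutex,
+	readyClusters map[string]struct{},
+	gatewayNetns ns.NetNS,
+) (*NatMappingController, error) {
+	iptablesHandler, err := iptables.NewIPTHandler()
+	if err != nil {
+		return nil, err
+	}
+	return &NatMappingController{
+		Client:             mgr.GetClient(),
+		IPTHandler:         iptablesHandler,
+		readyClustersMutex: readyClustersMutex,
+		readyClusters:      readyClusters,
+		gatewayNetns:       gatewayNetns,
+	}, nil
+}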
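Review bot: The RBAC marker above Reconcile grants `create;update;patch;delete` on natmappings, but the only API call in this file is `npc.Get`, so the generated ClusterRole is broader than the controller needs; trimming it to `//+kubebuilder:rbac:groups=net.liqo.io,resources=natmappings,verbs=get;list;watch` keeps the gateway's identity at least privilege, and since NatMapping.Spec feeds directly into the iptables rules inserted in the gateway namespace, anything allowed to write that resource can shape NAT there. Inside the `gatewayNetns.Do` closure, `readyClustersMutex` is held through the whole `EnsurePreroutingRulesPerNatMapping` call, which presumably shells out to iptables; copying the lookup result into a local and unlocking before the iptables call would stop a slow or hanging iptables invocation from blocking whoever else updates `readyClusters`. The "not ready" path returns an error, so controller-runtime will log it at error level on every backoff retry for a condition that is expected during peering; returning `ctrl.Result{RequeueAfter: …}, nil` would be quieter and makes the retry interval explicit. The comment saying no pre-delete logic is needed assumes rules only go away at un-peer; if a NatMapping can be deleted or its spec shrunk while the peering stays up, the stale PREROUTING rules would remain — worth confirming and, if so, noting with `// NOTE: rules from a deleted/edited NatMapping persist until un-peer.`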